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AMENDMENTS TO THE CLAIMS 

1 . (Currently Amended) A method, comprising: 

identifying a set of virtual private network (VPN) customers, at least one mobile 
access point (MAP) and at least one customer premise equipment (CPE) associated with 
each VPN customer, and at least one Internet Protocol (IP) service gateway (IPSG) for 
facilitating VPN tunneling between a MAP and a CPE, wherein each MAP is 
geographically remote from each IPSG; and 

selecting a subset of IPSGs to maximize total profit resulting from provisioning a 
subset of VPN customers on the selected IPSGs by: (a) determining network parameters; 
(b) formulating an aggregate costs per customer for provisioning a customer and resultant 
profit; and (c) solving optimization problem for integer variable Zjt such that profit G 
is maximized , wherein said total profit from all the customers comprises the sum of 
profits from each customer (/), where for each customer profit (jJ) equals weighted 
revenue (J V 1 ) less cost (C l ), (lf=Y V-d), wherein said cost per customer comprises a 
total tunnel bandwidth cost (Cc) from said MAP to said CPE, and a cost (CV) of 
provisioning an IPSG node. 

2. (Original) The method of claim 1, wherein r represents relative weight of 
revenue compared to total cost for customer /. 

3. (Original) The method of claim 1 , wherein said total tunnel bandwidth cost 
comprises a dynamic tunnel bandwidth cost between said MAP and said provisioned 
IPSG, and a static tunnel bandwidth cost between said provisioned IPSG and said CPE. 

4. (Original) The method of claim 1, wherein only a single tunnel is established 
between said provisioned IPSG and said CPE, even during instances where traffic from 
multiple MAPs are going through said provisioned IPSG to reach said CPE. 

5. (Original) The method of claim 1, wherein in an instance said provisioned IPSG 
sends traffic to more than one CPE, said provision cost is counted only once. 
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6. (Original) The method of claim 1, wherein said cost per customer / is determined 
by C' = ]T c'y + J3 d'jk + fjy'j , where c'y is a bandwidth cost associated 

\tePJeQ JeQ,keR, J 

with sending traffic from a MAP node / to an IPSG node j, dy*is a bandwidth cost 
associated with sending traffic from said IPSG node j to said CPE node k, /? represents a 
weighing factor with respect to said shared static tunnel,^ is a provisioning cost 
associated with using said IPSG node j ,y'j is a binary variable denoting whether said 
IPSG j is provisioned for a provisioned customer to send traffic to at least one of its 
CPEs, and a is a weighing factor for provision cost over total bandwidth cost. 

7. (Original) The method of claim 6, wherein said bandwidth cost (c#) associated 
with sending traffic from a MAP node i to an IPSG node j comprises the product of unit 
bandwidth cost between said MAP node i and said IPSG node j, and a sum of traffic 

£ j't* . V/ e P,Vj e Q\ from MAP node i to said CPE node k that is directed through 

keR, J 

IPSG node j. 

8. (Original) The method of claim 6, wherein said bandwidth cost (cf jk ) associated 
with sending traffic from an IPSG node j to a CPE node k comprises the product of unit 
bandwidth cost (e l Jk ) between said IPSG node j and said CPE node k, and a total amount 

of traffic ^ s 'v k . Y/ e g, VA: € i?, j from MAP node / to said CPE node k that is directed 

through IPSG node j. 

9. (Original) The method of claim 6, wherein said total amount of traffic ]£Vj,* 

from MAP node i to said IPSG node j is less than or equal to total bandwidth capacity 
(gtj) between said MAP node /' and said IPSG node j. 
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10. (Original) The method of claim 6, wherein said total amount of traffic |^ s'yk j 

from said IPSG node j to said CPE node k is less than or equal to total bandwidth 
capacity between said IPSG node j and said CPE node k. 

1 1 . (Currently Amended) A virtual private network (VPN) system architecture, 
comprising: 

means for identifying a set of virtual private network (VPN) customers, at least 
one mobile access point (MAP) and at least one customer premise equipment (CPE) 
associated with each VPN customer, and at least one Internet Protocol (IP) service 
gateway (IPSG) for facilitating VPN tunneling between a MAP and a CPE, wherein each 
MAP is geographically remote from each IPSG; and 

means for selecting a subset of IPSGs to maximize total profit resulting from 
provisioning a subset of VPN customers on the selected IPSGs by: (a) determining 
network parameters; (b) formulating an aggregate costs per customer for provisioning a 
customer and resultant profit; and (c) solving optimization problem for integer variable 
Sjjk, Zjk such that profit G is maximized , wherein said total profit from all the customers 
comprises the sum of profits from each customer (I), where for each customer profit (if) 
equals weighted revenue (J V 1 ) less cost (C 1 ), (1?=? Y-C\ wherein said cost per 
customer comprises a total tunnel bandwidth cost (C ! c ) from said MAP to said CPE, and 
a cost (CV) of provisioning an IPSG node. 

12. (Previously Presented) The system architecture of claim 11, wherein ? 
represents relative weight of revenue compared to total cost for customer /. 

1 3 . (Previously Presented) The system architecture of claim 1 1 , wherein said total 
tunnel bandwidth cost comprises a dynamic tunnel bandwidth cost between said MAP 
and said provisioned IPSG, and a static tunnel bandwidth cost between said provisioned 
IPSG and said CPE. 

14. (Previously Presented) The system architecture of claim 11, wherein only a single 
tunnel is established between said provisioned IPSG and said CPE, even during instances 
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where traffic from multiple MAPs are going through said provisioned IPSG to reach said 



15. (Previously Presented) The system architecture of claim 11, wherein in an 
instance said provisioned IPSG sends traffic to more than one CPE, said provision cost is 
counted only once. 

1 6. (Previously Presented) The system architecture of claim 1 1 , wherein said cost per 



customer / is determined by C' = ]>V<y + P + a 2//^'- / » wnere ° 1 >j ' ls a 



bandwidth cost associated with sending traffic from a MAP node i to an IPSG node j, d jk 
is a bandwidth cost associated with sending traffic from said IPSG node j to said CPE 
node k, ft represents a weighing factor with respect to said shared static tunnel, is a 
provisioning cost associated with using said IPSG node, y l j is a binary variable denoting 
whether said IPSG j is provisioned for a provisioned customer to send traffic to at least 
one of its CPEs, and a is a weighing factor for provision cost over total bandwidth cost. 

1 7. (Previously Presented) The system architecture of claim 1 6, wherein said 
bandwidth cost (c #) associated with sending traffic from a MAP node /' to an IPSG node j 
comprises the product of unit bandwidth cost (ay) between said MAP node i and said 



IPSG node j, and a sum of traffic JVj,*, V/ € P,Vj € Q \ from MAP node i to said CPE 



\k<=R, J 

node k that is directed through IPSG node j. 

18. (Previously Presented) The system architecture of claim 16, wherein said 
bandwidth cost (</,*) associated with sending traffic from an IPSG node j to a CPE node k 



CPE node k, and a total amount of traffic ]T s'yk , \fj <EQ,\/k&R t from MAP node i to 



CPE. 




comprises the product of unit bandwidth cost (e'jk) between said IPSG node j and said 




said CPE node k that is directed through IPSG node j. 
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19. (Previously Presented) The system architecture of claim 16, wherein said total 

amount of traffic JVj* from MAP node i to said IPSG node j is less than or equal to 

\*k, J 

total bandwidth capacity (g,y) between said MAP node i to said IPSG node j. 

20. (Previously Presented) The system architecture of claim 16, wherein said total 
amount of traffic ^] s'yk j from said IPSG node j to said CPE node k is less than or 
equal to total bandwidth capacity (h'jk) between said IPSG node j and said CPE node k. 

2 1 . (Original) The system architecture of claim 1 1 , wherein said MAPs provide 
dynamic switching and routing of data connections, while said IPSGs provide VPN 
services. 

22. (Currently Amended) A computer readable medium for storing instructions that, 
when executed by a processor, perform a method for optimally provisioning connectivity 
for network-based mobile virtual private network (VPN) services, comprising: 

identifying a set of virtual private network (VPN) customers, at least one mobile 
access point (MAP) and at least one customer premise equipment (CPE) associated with 
each VPN customer, and at least one Internet Protocol (IP) service gateway (IPSG) for 
facilitating VPN tunneling between a MAP and a CPE, wherein each said MAP is 
geographically remote from each said IPSG; and 

selecting a subset of IPSGs to maximize total profit resulting from provisioning a 
subset of VPN customers on the selected IPSGs by: (a) determining network parameters; 
(b) formulating an aggregate costs per customer for provisioning a customer and resultant 
profit; and (c) solving optimization problem for integer variable S , ^ Zjt such that profit G 
is maximized , wherein said total profit from all the customers comprises the sum of 
profits from each customer (I), where for each customer profit (if) equals weighted 
revenue {J V 1 ) less cost (C 1 ) (lf= Y V-Cf), wherein said cost per customer comprises a 
total tunnel bandwidth cost (C' c ) from said MAP to said CPE, and a cost (CV) of 
provisioning an IPSG node. 
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